Ford is enlisting top U.S. universities to make self-driving cars a reality, announcing that it hopes researchers at MIT can come up with advanced algorithms to help vehicles learn where pedestrians and other automobiles will be located.

Traditional PCs were used at historically low rates last quarter to open emails, another sign that a long-time task of those notebooks and desktops has been hijacked by mobile devices, an email-centric firm said today.

By 2017, the typical mobile user will share their personalized data stream with 100 applications and services every day, with wearable devices and Internet-connected appliances fueling the use trend, according to Gartner.

Local officials in China said the incident was the result of a malfunction in the country's domain name system. They called on authorities to do more to protect China's DNS servers. US-based security researchers, however, said a DNS outage or hack was most likely not the cause. A public DNS server operated by Google returned the same faulty IP addresses generated by China's official servers, these researchers said. They pointed out that Dynamic Internet Technology operates services designed to circumvent China's censorship regime, which is often referred to as the Great Firewall of China (GFW).

Google, through its plan to link Gmail addresses to its Google+ social network, is violating a privacy agreement the company made with the U.S. Federal Trade Commission, a long-time critic of the company's privacy practices said in a complaint to the agency.

It's rare that a company would release internal data on drive failure rates -- even more so when that company, Backblaze, earns its living storing consumer data in the cloud. That makes the hard drive data released this week even more valuable.

Verizon Communications received more than 320,000 requests for customer information from U.S. federal, state and local law enforcement agencies in 2013, more than 100 times the number of requests from any other country, the telecom carrier said in its first surveillance transparency report.

If you've ever wanted to ask NSA whistleblower Edward Snowden a question, you might get your chance on Thursday, January 23 at 3 PM ET/12 PM Pacific. The man who revealed the startling revelations about the NSA's Prism program and cell phone metadata collection--and inspired a slew of security-focused apps and services--is lining up for his second official question and answer session tomorrow.

In 2006, Mitchell Frost, then a 19-year-old college student at the University of Akron, used the school's computer network to control the botnets he had created. Authorities say between August 2006 and March 2007, Frost launched a series of denial of service (DDOS) attacks against several conservative web sites, including Billoreilly.com, Anncoulter.com and Rudy Giuliani's campaign site, Joinrudy2008.com. He is accused of taking down the O'Reilly site five times, as well as disrupting the University of Akron's network during a DDOS attack Frost allegedly launched on a gaming server hosted by the university.

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time, an expert in speech recognition said.

The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. The privacy risk, according to a blog post published Tuesday, stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in.

In this demonstration video, a site given permission to access the microphone continues to record all sounds within earshot of the computer with no clear indication of what's happening. From there, Israeli researcher Tal Ater said, the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords—say, "Iran" or "National Security Agency"—are uttered.

Google Glass isn't without its limitations -- not to mention privacy concerns -- but Google Glass 'Explorers' are finding many ways to use the device to work smarter and faster. The key to more widespread adoption, though, will be seamless integration into existing technology workflows.

LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in php:
The openssl_x509_parse function in openssl.c in the OpenSSL module in
PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a
'\0' character in a domain name in the Subject Alternative Name field

LinuxSecurity.com: Updated spice packages fix security vulnerability:
A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able

Vendors don't normally brag about slower products but Advanced Micro Devices is making an exception for its latest Opteron 6300 processors, which have a slower clock speed than their predecessors to reduce power consumption.

Top 10 Influencers in Banking InfoSec. BankInfoSecurity.com: To acknowledge individuals and organizations that are playing critical roles in shaping the way financial services organizations approach information security and privacy, BankInfoSecurity and CUInfoSecurity have announced their annual list of Influencers.

Now that OS X Mavericks Server has some new enterprise-oriented features and the updated Mac Pro has finally arrived, it's time to ask whether Apple is edging back into the data center, says columnist Ryan Faas.

Initially, when major breaches or incidents are announced via the media, everyone and their pet dog has a theory about how it happened. As an incident handler, I love a good explanation of what really happened when systems get breached, rather than the wide-ranging, speculative theories. Most of us completely understand that during a breach information has to be limited to a need-to-know basis while the incident is being worked on, and that investigations have to run their course before the investigators can even think about publicly publishing their findings. That means the armchair security experts can pontificate endlessly on what they think happened. When an official report on the breach does get published, I tend to feel big chunks are missing, with some excellent notable exceptions. When discovering a public, well-written, comprehensive report that dives into the nitty-gritty of an attack, it cries out to be shared and should be cherished, voraciously dissected, pillaged for any tactical or strategic indicators and then carved up for lessons learned whenever they surface.

So when an IR report was published today and I read it, I got rather excited*. There have been a number of stories on ColdFusion attacks over the last year. Brian Krebs had reported on a particularly interesting case [1] of attacks against ColdFusion, but despite Brian’s excellent pieces, I hadn’t found the real technical meat of what happened and how.

RSA's Incident Response Team today published [2] their findings dealing with a particular adversary that took advantage of a known vulnerability in ColdFusion and used it as a bridgehead to gain access to the internal network, then fully compromise it and exfiltrate data across multiple forms and companies. I won’t spoil the read (the full PDF is here [3]), but they provide plenty of exacting details, the tools, techniques and procedures used, their own suggested lessons learned and a stack of indicators of compromise [4] for you to run against your own networks.

To me, reports like these should be compulsory reading if you're in a security role. Following the twists and turns an attacker took to get that initial compromise then how they pivoted inside a network and pillaged the data. We as security people need to understand what and how these other firms were compromised, then flip the attack on your own systems and see how we can detect or protect against becoming the next breach story in the spotlight.

If you know of any other papers you believe IR teams should have to read on the details of a breach, add them in the comments or send them in to us [5].

German infosec agency: 16 million account details stolen. Business Technology, 22 January 2014, by Matt Smith: Nearly 16 million German and French email addresses and passwords for online accounts have been stolen by botnet operators, according to the German Federal ...